Policy Checklist. Head of Information Governance

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Policy Checklist. Head of Information Governance"

Transcription

1 Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust is compliant with the Data Protection Act 1998 and other legislation and standards. To be read in conjunction with the Information Governance Strategy incorporating Framework 2014/ /2017. Directorate responsible for Policy Name & Title of Author: Performance and Reform Claire Graham Head of Information Governance Does this meet criteria of a Policy? Staff side consultation? Equality Screened by: Date Policy submitted to RM&PC: Yes Yes Claire Graham 14 January 2015 Members of RM&PC in Attendance: Siobhan Hanna, Claire Graham, Anita Carroll, Ann McGhee, Karen Anderson, Fiona Wright, Carmel Harney and Janet McKay. Policy Approved/Rejected/ Amended Communication Plan required? Training Plan required? Comments received 29 January 2015 No No 1

2 Implementation Plan required? Yes incorporated in Strategy Any other comments: Date presented to SMT Director Responsible Paula Clarke SMT Approved/Rejected/Amended SMT Comments Date returned to Directorate Lead for implementation (Board Secretary) Date received by Board Secretary (HQ) for database/intranet/internet Date for further review 30 March year default 2

3 POLICY DOCUMENT VERSION CONTROL SHEET Title Supersedes Originator Title: Information Governance Policy Version: 0.5 Reference number/document name: To support Information Governance Strategy incorporating Framework and to meet the requirements of the new Information Management Controls Assurance Standard Name of Author: Claire Graham RM/Policy Committee & SMT approval Title: Head of Information Governance Referred for approval by: Claire Graham Date of Referral: RM/Policy Committee Approval (Date) 14 Jan 2015 tabled for comments Policy Scrutiny Committee approval 30 March 2015 Circulation Issue Date: January 2015 Circulated By: Claire Graham Issued To: As per circulation List (Records Management Committee/Policy Scrutiny Committee Review Review Date: January 2017 Responsibility of (Name): Claire Graham Title: Head of Information Governance 3

4 CONTENTS 1.0 Introduction Scope of Policy Roles and Responsibilities Key Policy Statement Implementation of this Policy Review and Monitoring Evidence Base Consultation Process Appendices. 11 4

5 1.0 INTRODUCTION Information is a vital asset, both in terms of the clinical management of patients and the efficient management of services and resources. It plays a key part in corporate governance, service planning and performance management. It is therefore of paramount importance to ensure that information is efficiently managed and that appropriate policies, procedures and management accountability provide a robust governance framework for information management. 1.1 Purpose The purpose of this document is to provide guidance to all Health & Social Care (HSC) Trust staff on Information Governance compliance. Information Governance sets out the protocol for handling information in a confidential and secure manner to appropriate ethical and quality standards within the HSC. The aim of this document is: To maximise the value of the Trust assets by ensuring that data is: o held securely and confidentially; o obtained fairly and lawfully; o recorded accurately and reliably; o used effectively and ethically; and o shared and disclosed appropriately and lawfully. 2.0 SCOPE OF POLICY This policy applies to all individuals, whether employed or contracted to work for the Southern Health and Social Care Trust (the Trust) including: bank/agency/temporary; volunteer; student/internee; secondee; and contractors (working in or on behalf of the Trust) Reference to information governance in this document shall also mean reference to the following areas: Access to information (Freedom of Information Act 2000 and Subject Access Requests); Data Protection Act 1998; Information Security assurance; Data Quality assurance; Secondary Use Assurance; Records Management compliance; and 5

6 Confidentiality and the common law Duty of Care. This policy applies to all processing activities on information held in any format and type such as (but is not limited to): patient/client/service user information; staff and personnel information; organisation, business and operational information; research, audit and reporting information. All staff, whether employed or contracted, should be aware of their individual responsibilities for the maintenance of confidentiality, data protection, information security management and data quality. Failure to maintain confidentiality may lead to disciplinary action, up to and including dismissal. 3.0 ROLES AND RESPONSIBILITIES 3.1 The Trust The Trust Board is responsible for ensuring that the information governance function is appropriately managed in a manner which complies with relevant legislation and standards. The Trust undertakes the role of the Data Controller. 3.2 The Chief Executive The Chief Executive as the Accountable Officer has overall accountability and responsibility for Information Governance in the Trust and is required to provide assurance through the Statement of Internal Control that all risks, including those relating to information, are effectively managed and mitigated. 3.3 Personal Data Guardian The Medical Director and the Director of Children s and Young People Services have been appointed as the Trust Personal Data Guardians (PDGs). The PDG: ensures that the Trust satisfies the highest practical standards for handling person identifiable information; actively supports work to facilitate and enable information sharing, and advises on options for lawful and ethical processing of information as required; has a strategic role, which involves representing and championing information governance requirements and issues at Trust or management team level and, where appropriate, at a range of levels within the organisation's overall governance framework. 6

7 3.4 The Senior Information Risk Owner The Director of Performance and Reform is the Senior Information Risk Owner (SIRO). The SIRO has overall responsibility for managing information risk across the Trust and is the owner of the Information Asset Register. The SIRO is a member of the Senior Management Team and the Trust Board and provides written advice to the Accounting Officer on the content of the Statement of Internal Control in regard to information risk. See Appendix B - Key Responsibilities of the Senior Information Risk Owner (SIRO) for list of key responsibilities. The SIRO is responsible to the Trust Board for ensuring that all Information risks are recorded and mitigated where applicable. The SIRO is responsible for ensuring that all record management issues (including electronic media) are managed in accordance with the Trust s Information Governance and Records Management Policies. 3.5 Information Governance Lead The Assistant Director of Informatics leads on the Information Governance Programme and provides assurance to the SIRO. 3.6 Head of Information Governance The Head of Information Governance is responsible for ensuring compliance on a day to day basis: to review and update Information Governance policy in line with local and national requirements; ensure that line managers are aware of the requirements of Information Governance and associated policies; monitor and report on compliance with Freedom of Information Act and Data Protection Act 1998; assess risk and advise on information incidents and data breaches to ensure consistent reporting to regulatory bodies; achieve compliance with the Information Management Controls Assurance Standard (IM CAS); and provide advice and guidance on Information Governance issues with targeted training as appropriate. 3.7 IT Security Manager The IT Security Manager is responsible for IT security within the Trust by providing advice on the design and implementation of IT security aspects of IT solutions; providing technical leadership on all aspects of the Trust s ICT security infrastructure ensuring Best Practice standards are adhered to; investigating ICT security breaches and incidents and; ensuring ICT security services operational documentation is up-to-date. 7

8 3.8 Information Asset Owner Information Asset Owners (IAOs) are directly accountable to the SIRO and must provide assurance that information risk is being managed effectively in respect of the information assets that they own. The IAO role is to understand and assess risks to the information assets they own and to provide assurance to the SIRO (via Head of Information Governance) on the security and use of those assets. They will ensure that all threats, vulnerabilities and impacts are properly assessed and included in their Directorate Risk Register and where necessary that these are escalated to the Corporate Risk Register by the Director. See Appendix C - Key Responsibilities of the IAO - for a list of key responsibilities for Information Asset Owners. 3.9 All Staff It is the responsibility of each employee to adhere to this policy and all supporting Information Governance policies, procedures and guidance. All staff members are required to undertake mandatory information governance e- learning modules. Information governance training is required to be undertaken on a three yearly basis. All staff must ensure that they use the Trust s Information Technology systems appropriately, and adhere to the acceptable use of Information, Communication, Technology (ICT) Policy Information Governance Forum The Information Governance Forum has responsibility for overseeing the implementation of the Information Governance Strategy incorporating Framework, and the Information Governance Policy. The Forum is also responsible for the annual Information Management Controls Assurance Standard (IM CAS) assessment and oversees and monitors the implementation of the IM CAS Action Plan. 4.0 KEY POLICY STATEMENT 4.1 Definitions Information Governance is the framework of law and best practice that regulates the manner in which information (including information relating to and identifying individuals) is managed, i.e. obtained, handled, used and disclosed. 4.2 Policy Statement The Trust s Information Governance Policy sets out a framework of standards which encompasses all statutory, mandatory and best practice requirements regarding information management. The Trust s performance is mandated by the Information 8

9 Management Controls Assurance Standard (IM CAS), is reported annually to the Department of Health, Social Services & Public Safety (DHSSPS) and forms a part of the Trust s assurance processes. (Please also refer to the Trust s Information Governance Strategy incorporating Framework 2014/ /17). 4.3 Legislative Compliance, Relevant Policies, Procedures and Guidance Information Governance provides a consistent way for employees to deal with the many different information handling requirements. The Trust, as the legal person and Data Controller for the purposes of the Data Protection Act 1998 will ensure that all personal data it holds is controlled and managed in accordance with the principles of the Data Protection Act 1998, European Convention of Human Rights (Article 8), Human Rights Act 1998 and common law Duty of Confidentiality. This is set out in the Trust s Data Protection Policy and Records Management Policy. 4.4 Privacy Impact Assessments For new service implementation or service change, the Project lead must liaise with the Head of Information Governance regarding the completion of a Privacy Impact Assessment (PIA). This assessment will consider privacy aspects and mitigate against any potential risk to personal/personal sensitive information. 4.5 Information Governance Data Incidents Head of Information Governance must be notified immediately of all information security incidents involving the unauthorised disclosure of personal identifiable data/information for consideration of any necessary actions. A key function of the Information Governance Forum is to monitor and review untoward occurrences and incidents relating to Information Governance and to ensure that effective remedial and preventative action is taken. Information incident reporting is in line with the Trust s overall incident reporting processes. 5.0 IMPLEMENTATION OF THIS POLICY The implementation of this Policy is evidenced and monitored through the agenda of the Records Management Committee. The Records Management Committee agenda and the Information Management Controls Assurance Standard action plan (IM CAS) encompass the objectives of this policy and Data Protection Act principles. 5.1 Dissemination This policy will be disseminated via the Policy Scrutiny Committee in line with Trust procedure. It is the responsibility of all Managers to ensure that staff have access to this policy. 9

10 5.2 Resources Training and Education All staff should receive basic information governance training appropriate to their role through either face to face training or an elearning package on the Trust s elearning platform. Information Governance Training is incorporated into the Trust s Mandatory Training programme. It is a mandatory requirement for all staff in the Trust, without exception to undertake Data Protection training which is appropriate to their role. This includes staff on temporary contracts, secondments, agency staff, students and volunteers. Different levels of training will be delivered: All staff to receive Information Governance awareness training as part of their corporate induction programme. Departmental induction must ensure that staff are made fully aware of all Information Governance policies and procedure. Practitioner level training e.g. SIRO (Senior Information Risk Owner), Personal Data Guardian, Information Asset Owners and Information Governance Team. 6.0 REVIEW AND MONITORING This Policy will be reviewed in line with the Trust s Information Governance Strategy Incorporating Framework and monitoring process to ensure compliance with legislation and the requirements of the Information Management Controls Assurance Standard. 7.0 EVIDENCE BASE DHSSPS Information Management Controls Assurance Standard (2013); Southern Health & Social Care Trust Information Governance Strategy Incorporating Framework 2014/ /2017; IT Security Policy Records Management Policy Data Protection Act Policy Data Quality Policy 8.0 CONSULTATION PROCESS The consultation process will be in line with the Trust s procedure for consultation on the introduction of new/revision of existing Trust policy. 10

11 APPENDICES Appendix A Information Risk/Roles and Responsibilities Appendix B Key Responsibilities of the SIRO Appendix C Key Responsibilities of the IAO 11

12 Appendices Appendix A - Information Risk/Roles and Responsibilities Accountable Officer Chief Executive Receive advice Statement of Internal Control Receive SIRO Annual Report Receive Regular reporting SIRO Director of Performance and Reform Own Risk Policy/Review Own Risk Assessment Process Information Risk Action Plan Advise on Information Risk Issues Receive risk reviews Provide regular advice/assurance Undertake training. IAO IAO IAO Authorise Information Asset Transfers Provide/receive regular advice Create/maintain own IA register Conduct biannual review of owned assets Provide annual written Risk Assessment to SIRO via HOS IG Authorise requests for access Undertake Training 12

13 Appendix B - Key Responsibilities of the Senior Information Risk Owner (SIRO) To oversee the development of an Information Risk Policy, and a Strategy for implementing the policy within the existing Information Governance Strategy Incorporating Framework. To take ownership of the risk assessment process for information risk, including review of the annual information risk assessment to support and inform the Statement of Internal Control. To review and agree an action plan in respect of identified information risks via the Information Governance Forum. To ensure that the Trust s approach to information risk is effective in terms of resource, commitment and execution and that this is communicated to all staff. To provide a focal point for the resolution and/or discussion of information risk issues. To ensure the Board is adequately briefed on information risk issues. To advise the Chief Executive and the Trust Board on information risk management strategies and provide periodic reports and briefings on the Information Governance annual programme of work. 13

14 Appendix C - Key Responsibilities of the Information Asset Owners (IAO) To understand and address risks to the information assets they own and provide assurance to the SIRO on the security and use of these assets (understands the Trust s plans to achieve and monitor the right Information Governance culture across the Trust. IAO s will take appropriate actions to: - Know what information they hold, - Know who has access to the information and why, - Ensure the confidentiality, integrity, and availability of all information that their system creates, receives, maintains, or transmits and protect against any reasonably anticipated threats or hazards to the security or integrity of such information. - Ensure that information assets are considered within the Directorate Risk Register assessment process on a quarterly basis - provide assurance to the SIRO on an annual basis in respect of security of information assets - Approve and oversee the disposal of information of the asset when no longer needed in line with ICT Procedure and or/the Trust Retention & Disposal Schedule. 14

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

SHAREPOINT GOVERNANCE POLICY

SHAREPOINT GOVERNANCE POLICY SHAREPOINT GOVERNANCE POLICY Joanne McEvoy Directorate of Performance and Reform July 2012 Review Date: 1 of 7 Policy Checklist Name of Policy: Purpose of Policy: Directorate responsible for Policy Name

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

Information Governance Framework

Information Governance Framework Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

Information Governance and Data Protection Policy

Information Governance and Data Protection Policy Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

Information Security Policy

Information Security Policy Information Security Policy JUNE 2014 Author Responsibility Lynda Harris, Head of Information Governance, Central Eastern CSU, Bedfordshire and Luton All staff Effective Date June 2014 Review Date June

More information

INFORMATION RISK MANAGEMENT POLICY

INFORMATION RISK MANAGEMENT POLICY INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

Information Security Policy

Information Security Policy Information Security Policy Reference No: Version: 5 Ratified by: CG007 Date ratified: 26 July 2010 Name of originator/author: Name of responsible committee/individual: Date approved by relevant Committee:

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Governance Policy

Information Governance Policy BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY

More information

Information Security Policy

Information Security Policy Information Security Policy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Surrey & Sussex Healthcare NHS Trust

Surrey & Sussex Healthcare NHS Trust Surrey & Sussex Healthcare NHS Trust An Organisation-wide Policy for Information Governance (IG) Version 1.3 Status Ratified Date Ratified March 2008 Name of Owner Name of Sponsor Group Name of Ratifying

More information

INFORMATION GOVERNANCE

INFORMATION GOVERNANCE This document is uncontrolled once printed. Please refer to the Trusts Intranet site (Procedural Documents) for the most up to date version INFORMATION GOVERNANCE NGH-PO-233 Ratified By: Procedural Document

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

Information Security Policy

Information Security Policy Information Security Policy v2.0 Target Audience: Policy Endorsed by: ESCC Staff, members and other agencies handling ESCC information Governance Committee Final V2.0 Page 1 of 13 Information Security

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

Information Governance Strategy 2015-2018

Information Governance Strategy 2015-2018 Introduction Information Governance Strategy 2015-2018 This strategy sets out the approach to be taken within Children s Hearings Scotland (CHS) to develop a robust Information Governance (IG) framework

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY NWAS Information Governance Policy Page: Page 1 of 10 Date of Issue: January 2014 Date of Review February 2015 Recommended by Approved by Information Governance Management

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

TRUST SECURITY MANAGEMENT POLICY

TRUST SECURITY MANAGEMENT POLICY TRUST SECURITY MANAGEMENT POLICY EXECUTIVE SUMMARY The Board recognises that security management is an integral part of good, effective and efficient risk management practise and to be effective should

More information

Policy: D9 Data Quality Policy

Policy: D9 Data Quality Policy Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

This Policy supersedes the following Policy, which must now be destroyed :

This Policy supersedes the following Policy, which must now be destroyed : Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Removable Media: Data Encryption Policy NTW(O)30 Lisa Quinn Executive Director of Performance and Assurance Sue

More information

Corporate Policy and Strategy Committee

Corporate Policy and Strategy Committee Corporate Policy and Strategy Committee 10am, Tuesday, 30 September 2014 Information Governance Policies Item number Report number Executive/routine Wards All Executive summary Information is a key asset

More information

Corporate Health and Safety Policy

Corporate Health and Safety Policy Corporate Health and Safety Policy November 2013 Ref: HSP/V01/13 EALING COUNCIL Table of Contents PART 1: POLICY STATEMENT... 3 PART 2: ORGANISATION... 4 2.1 THE COUNCIL:... 4 2.2 ALLOCATION OF RESPONSIBILITY...

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal

More information

Policy Checklist. Directorate of Performance and Reform. Stephen Hylands, Head of Information Technology

Policy Checklist. Directorate of Performance and Reform. Stephen Hylands, Head of Information Technology Policy Checklist Name of Policy: Purpose of Policy: Directorate responsible for Policy Name & Title of Author: Does this meet criteria of a Policy? Trade Union consultation? Equality Screened by: Date

More information

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

Courier Policy. 1 P age

Courier Policy. 1 P age Courier Policy UNIQUE REF NUMBER: AC/IG/009/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY VERSION DATE AMENDMENT

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from August 2009 Date last amended August 2009

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise

More information

Wiltshire Police Force Information Security Policy

Wiltshire Police Force Information Security Policy Wiltshire Police Force Information Security Policy Table of Contents 1. INTRODUCTION 2. PURPOSE 3. SCOPE 4. POLICY STATEMENT 5. ROLES & RESPONSIBILITIES 6. ACCREDITATION 7. MOBILE & REMOTE WORKING 8. 3

More information

SALISBURY NHS FOUNDATIONTRUST

SALISBURY NHS FOUNDATIONTRUST SALISBURY NHS FOUNDATIONTRUST PAPER SHC 1738 TITLE Information Governance Policy PURPOSE OF PAPER The Information Governance Policy was first approved in April 2005. It is currently due for review to ensure

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director

More information

University of Sunderland Business Assurance. Over-arching Information Governance Policy. Document Classification: Public

University of Sunderland Business Assurance. Over-arching Information Governance Policy. Document Classification: Public University of Sunderland Business Assurance Over-arching Information Governance Policy Document Classification: Public Policy Reference Central Register IG001 Policy Reference Faculty / Service IG 001

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 3.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality Assurance Group Ratification date: March 2015 Review date: March 2016

More information

IT SECURITY POLICY (ISMS 01)

IT SECURITY POLICY (ISMS 01) IT SECURITY POLICY (ISMS 01) NWAS IM&T Security Policy Page: Page 1 of 14 Date of Approval: 12.01.2015 Status: Final Date of Review Recommended by Approved by Information Governance Management Group Trust

More information

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Governance Standards in Relation to Third Party Suppliers and Contractors Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information